Many organizations are considering migrating their mail servers to the cloud. Cloud operations seem like an attractive solution at first glance because, for example, Microsoft advertises Exchange Online as ideally suited to reducing the IT department’s workload. After all, maintaining the local Exchange version requires a lot of time and effort, for instance for installing patches and updates.
According to the expert portal computerweekly, Microsoft’s Exchange Online also offers a high availability guarantee that an in-house IT team cannot provide due to factors such as resources, infrastructure, and hardware, to name but a few.
But let’s be clear that migrating to Exchange Online may also have downsides.
You should definitely consider possible risks and functional restrictions before settling on your long-term digitization or cloud strategy.
We have summarized the most important aspects for you here:
- An Exchange Online archiving environment on its own does not meet compliance requirements because it lacks a journaling process. To solve this problem, you will need to use an external mailbox (hybrid approach).
- Exchange Online does not index archived documents, and it does not convert non-machine-readable attachments via OCR. This severely restricts users’ ability to perform a search.
- In Exchange Online, users cannot perform their own retrieval.
- Lack of auditability: Office 365 does not provide a feature for searches across several mailboxes.
“The weak spot”: Cloud usage and compliance?
The GDPR states that cloud providers act as Processors. This is where German law (such as the GDPR) comes into conflict with the Anglo-American legal system and its fundamentally different US Corporate Law. This mix of complex legal and technical aspects requires a neutral assessment of your current situation.
After the European Court of Justice (ECJ) invalidated first Safe Harbor and then, in the summer of 2020, the follow-up regulation Privacy Shield, it has become more than questionable whether the use of cloud services offered by US providers can still be compliant.
While the 2019 revised version of the GoBD (basic principles on the proper keeping and storage of financial books, recordings, and documents in electronic form as well as data access) explicitly allows using cloud technologies, the three major US cloud providers Microsoft, Amazon, and Google do not, to date, offer fully satisfactory concepts for storing tax documents under German law.
Under US law, it is currently possible for US investigation authorities to access cloud providers’ customer data, even if this data resides outside of US territories (Clarifying Lawful Overseas Use of Data Act).
The German data protection conference DSK issued an explicit warning regarding the situation in connection with GDPR compliance because German organizations currently have no legal way to defend themselves against this practice.
(Source: Dr. Thomas Schwenke / Datenschutz-Generator.de, October 07, 2020)
After fines amounting to millions of euros were imposed on companies like 1&1 Telecom and Deutsche Wohnen, every IT manager should now be aware that considerable financial risks can occur if sensitive data is handled carelessly.
And now? What’s next?
Act now! Keep third parties from accessing your Exchange Online mailboxes and combine your Exchange Online business benefits with …
We are happy to show you how you can benefit even more from Microsoft Exchange Online with dataglobal CS.